Friday, January 30, 2009

McAfee quarantines AOL-associated EXE's ACSROLLB, ACSLAEU; false alarms?

Today my McAfee virus scan, on a laptop, quarantined eight files or items associated with ACSLAEU.EXE. I found them on the McAfee scan results with the “Restore” and “files” from the McAfee advanced menu.

I checked this online and found this reference showing that the item is associated with AOL, probably the dialup (which I use only on the laptop). It appears that these are probably “safe” and “false alarms”.

Prevx also has a similar report, as “under review", report here.

However, a Geek Squad person told me that AOL dialup’s penchant for opening other ports is potentially very dangerous.

The item is capable of changing registry keys and starting new processes, although McAfee seems to indicate that this never actually happened on my machine.

Previously, in Sept 2008, I had been warned by McAfee about another similar item, ACSROLLB, writeup here.

It appears that AOL has been “implicated” in this issue since March 2008.

McAfee site’s own search doesn’t show these as “viruses”. If someone knows more about these items, please feel free to comment.

Wednesday, January 28, 2009

Obama websites have been a target of "malware"

A story by Terrence O’Brien on Switched on Jan. 27 points out the danger of Obama imitation sites offering viruses. A “MyBarackObama” network has encouraged the poting of fake blogs and profiles with fake YouTube videos (they aren’t really on YouTube) that, when played, can load spyware or sometimes pornography, particularly dangerous in a workplace or school environment (or conceivably leading to the possibility of false possession charges later, as noted in a few postings here, like yesterday’s).

Obama’s campaign site last spring was hacked at least once, according to the story.

The story also reminds one of the “news spam”, as reported Jan. 3: fake blog entries (sometimes on legitimate blog publishing services), often with a lot of nonsense text scraped from legitimate sites that contained controversial news stories, with, again, fake YouTube videos that could load viruses if clicked or “played.” McAfee SiteAdvisor and WebofTrust or other site rating services often don’t find these in time to warn visitors about them.

We have a tech savvy president who may take more direct interest in this problem than did his predecessor.

Tuesday, January 27, 2009

Connecticut will not fully admit that a school system virus led to a wrongful substitute teacher prosecution and conviction

This morning, Tuesday, Jan. 27, ABC “Good Morning America” presented the case of a substitute teacher, Julie Amero, in Connecticut wrongfully prosecuted when malware on a school district’s computer system caused pornographic popups to appear on her classroom computer in front of middle school kids.

I reported on this problem June 7, 2007 on this blog.

She was actually convicted of a felony (endangerment of minors) and faced four years in prison. Then the conviction was reversed, but the state, with the right to retry, insisted on a plea deal with a misdemeanor conviction ("disorderly conduct") and an agreement never to appear in a classroom again.

It appears that the state of Connecticut wants to ‘save face” and does not want to admit that inadequate network security would have caused this problem; such an admission would ruin a prosecutor's career. The state had boxed itself into a corner, using "expert witnesses" to "prove" that the teacher had visited inappropriate sites.

On the show, Amero said that he had very little computer training and did not know where the off button was to turn off the computer.

Computer experts showed that no one could have clicked on as many links as to cause all the popups that appeared quickly. Security professionals showed that malware caused the popups, not anything that the substitute teacher did on the computer.

It was several days after the incident before the school called her in and she was arrested. Kids had told parents who, often not aware of computer viruses themselves, complained.

She has had poor health, and reportedly had a miscarriage. Her husband appeared with her on the show.

The interview story is not yet present on the abcnews website. I will check for it later today. UPDATE (11:30 AM). The ABC News story is "Teacher: Wrong Computer Click Ruined My Life; Julie Amero Faced Up to 40 Years in Prison After Spyware Caused Porn to Pop Up on Her Classroom Computer", story by Imaeyen Ibanga, link here.

There ought to be a grass roots effort to get even the misdemeanor conviction overturned. This is outrageous!

Thursday, January 22, 2009

Legal experts warn kids on cell phone pictures; prosecutors get aggressive

Today (Jan 22), the NBC Today (during the 10 AM EST hour) show featured Parry Aftab, an attorney from Wiredsaftey, talking about the legally and socially dangerous practice of “sexting” among teenagers. Minor-aged girls take legally inappropriate photos and send them by cell phone to boys. In both Ohio and Pennsylvania recently, district attorneys have prosecuted senders and/or receivers for transmitting or possessing child pornography and threatened to place them on registered sex offender lists.

I’ll add that this kind of prosecution seems like an abuse of the concept, an issue that John Stossel has covered on ABC 20/20 in his “give me a break” series.

Nevertheless, teens and parents have to be aware of the possibility of this kind of prosecution. In Cleveland, a judge sentenced teens to probation if they would lecture others on the dangers of the practice.

Parry Aftab’s blog is here.

The Today show reminded viewers that cell phones have much weaker filtering and minor protection than do Internet sites, but that cell phone photos are easily uploaded to the Internet and can stay there forever, to be found by colleges and employers, a “reputation defense” problem often previously discussed on these blogs (including yesterday on the Dr. Phil show).

I see that I have an earlier posting on this problem on October 10, 2008 on my COPA blog (see my Profile).

Saturday, January 17, 2009

New corporate network virus may have infected 8 million machines this week (downadup virus)

Barry Neild of CNN has a report on the “Downadup” virus that has infected 8 million or so windows PC’s, mostly on corporate networks. It seems to spread when an infected laptop is connected to a network. It seems to be a sleeper poised to steal personal and financial information later. Most of the infections occurred this week. The worm is also known as "Conficker".

The CNN story is here.

In a related develop McAfee now offers a Fourth Annual Virtual Criminology Report now. Visitors must register. The link is here. The report appears to pay particular attention to “social engineering.”

Update: Jan 28, 2009

AOL offers a similar story from Switched, here. It is also called the Conficker virus.

Tuesday, January 06, 2009

Twitter accounts of Barack Obama and other "rock stars" compromised

CNN is reporting that the Twitter accounts of Barack Obama and Britney Spears have been hacked, in this news story. 29 other people including Bill O’Reilly and Rick Sanchez also were affected, resulting in inappropriate messages being posted on their accounts. The access point had to do with the password reset mechanism. The story is here.

Presumably the Secret Service could become involved in investigating since the president-elect was compromised.

There is a more detailed story with examples by Marshall Kirkpatrick on “Read Write Web” here.

A search engine investigation shows that other security issues have been reported with Twitter before.

Monday, January 05, 2009

More stories about supposedly infected videos

Following on with Saturday’s posting about spyware-infected videos showing up in spam blogs that seem to ride on sensational news stories, I found this item by Doug Aamoth on Crunchgear, dated Dec. 8, 2008 about a supposed “Actns/Swif.T virus” in some videos that would download a phony “Antivirus 2009”. I think I saw that pop up myself about two months ago on my own computer, and I stopped it immediately, and McCafee since then has shown no infection. The link for the story is here. Later Aamoth offered an update about Computer Associates anti-virus as returning false positives on some video files. There is more about this at “Supergeekblog” here.

McCafee has a report on “Downloader-UA.h” which presents fake video and music files here. But I couldn't find "Actns" documented on McAfee.

So I’m not sure yet how all the pieces fit in these stories about infected videos and spam, but they do bear careful watching.

Saturday, January 03, 2009

Media “cloak and dagger” and frightening financial stories stir up a new wave of spam blogs; home users should be vary of some embedded videos

Web surfers should be aware of a particular kind of “social engineering” that may be accompanying spam blogs.

The basic idea is that a spammer sets up a blog or series of blogs that appear to deal with some arcane and controversial topics, particularly crime or terrorism stories and various matters associated with the recent financial meltdown. This sort of activity apparently increases during times of sensational media news about various perils (particularly the “cloak and dagger” variety), as recently. Then the spammer may provide what look like embedded YouTube video links but are actually applications that if clicked could infect the user with spyware.

Some of these blogs may contain a lot of extraneous “farm” links, but not all do. Some (but not all) may contain text or links in foreign languages, especially Chinese or Russian. (The Chinese "text" is hard to figure since China blocks so many sites anyway.) Generally, regardless of language, the text starts out with a couple of complete sentences and gradually turns nonsensical and repetitive, as if written by an automated script. The piece as whole does not make much sense outside of two or three sentences, that probably were scraped from legitimate sites. Some may use blog names for blogs that have been deleted by the original owners (in which case they could cause post "online reputation" problems for the original owners). They may tend to have entries that span only a month or two.

The problem has been known from as far back as 2005, according to Wikipedia. But the problem may have increased during the latter part of 2008 (particularly in September), particularly about the time of the financial implosion, as well as some particularly sensational crimes around Washington DC and some other cities. (Wikipedia reports a spike in April 2008, also.) Unfortunately, spammers have developed high-powered algorithms to get around captcha technology. Generally, the greatest risk for home users would come from the video links or perhaps the external links, not the text itself; but home and small business users should learn to recognize this pattern. Modern anti-virus protection DAT files may or may not identify most of these threats.

Because of the controversy over the subject matter, users may become intrigued and believe that the posts have some hidden “steganographic” information. Perhaps this is simple gullibility, but law enforcement should take seriously the apparent increase in such sites since the time that these particularly sensational news items started to play out in the media. These fake blogs could point to new schemes for massive bank fraud and identity theft, or they could contain legitimate clues about ongoing criminal investigations, although the likelihood of the latter possibility seems rather remote.

Picture: translation from such a site in Chinese (copied to a flat file), but translation software cannot translate it completely, another symptom.

Thursday, January 01, 2009

More states pass laws on cyber-bullying; how schools get involved is debated

The Washington Post is reporting on Jan. 1, on an “Around the Nation” page, that a large number of states are passing cyberbullying laws now, but remain in a quandary as to the role of public schools in enforcing them. The story, by Ashley Surdin, appears on p. A3, “In several states, a push to stem cyber-bullying: Most of the laws focus on schools,” link here.

The states with laws include Arkansas, Delaware, Idaho, Iowa, Michigan, Minnesota, Nebraska, New Jersey, Oklahoma, Oregon, South Carolina, and Washington. California has also passed a law authorizing public schools to suspend students credibly suspected of cyberbullying.

But there is controversy over whether schools should take action about Internet activity of students from their homes. Some say that this is beyond a school’s jurisdiction, and that responsibility belongs with parents or police. But, because of the omnipresence of the Internet, the practical effect of web postings can occur on school grounds and become a problem for school administrators. This would include attempts to harass teachers as well as students online.

An argument for involving the schools in enforcement is that schools need to be providing curricular instruction in how to use the Internet safely.

One problem is that some aspects of these laws could be subjective and hard to define. Infliction of emotional distress is often used as wording, and that could be open to interpretation. In some states, as noted already, there have been some prosecutions based largely on text messages.

Future implementations of such laws could involve danger to reputation, also a nebulous idea.

Teachers, including substitutes, have sometimes gotten into trouble for off-the-job web activity, with postings that they considered legitimate in their own contextual world, but that school administrators believe could affect their places as role models or that could entice or tempt students into dangerous behavior if they found the material online at home with search engines and could identify the teachers.

As a counter view, the ACLU states its position on anti-cyber-bullying legislation in a posting by James Tucker, Policy Counsel for the ACLU, “Free speech and ‘cyber-bullying’”, Jan. 15, 2008, link here.

Update: Jan. 5

Elizabeth Landau has a detailed article on CNN tonight about a finding that 54% of teens talk about sex and violence on Myspace. The link is here. Researchers are unsure of the implications of these findings but are concerned. They could also affect "reputation". At first glance, the findings seem inconclusive to me but I'll follow this more in the coming days and may have a more detailed post soon.